Advertisement:

Author Topic: Assistance editing smf_registration.php (i.e. bridged registration form)  (Read 6059 times)

Offline mindfriction

  • Semi-Newbie
  • *
  • Posts: 47
Hi guys and girls,

I have been editing the bridged registration for quite some time now to include some extra form fields for users to fill out and some extra validation taken from the SMF registration (Register.php). I have gone into this in some depth and I have a fair idea how the bridged registration works. Through careful comparison of the original SMF and Mambo registrations I have discovered there are a number of little pitfalls with the bridged registration;

  • It check's to make sure Mambo registration is enabled but NOT SMF-doesnt make sense for a 'bridge'
  • It does not check for banned email addresses added to SMF
  • It does not have the flexibility of registering options into the themes table-i..e all registration fields must be existing in smf_members
  • SMF has an extra 'admin' registration, I can't see how this ties in with the bridge

With my limited knowledge of SMF and Mambo Ive tried to ressurect a few of these issues, along with including some of the extra fields I would like in the registration. I haven't fully tested it, but I was wondering if someone could take a quick look at my mod's and tell me if im on the right track..

NB: ALL mod's/code added by me are b/w the  '<----->' and denoted with  "Added:" comments

Cheers


<?php
//smf_registration.php
/**
* @version $Id: registration.php,v 1.19 2004/09/22 00:12:41 prazgod Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/

/** ensure this file is being included by a parent file */
defined( &#39;_VALID_MOS&#39; ) or die( &#39;Direct Access to this location is not allowed.&#39; );

$task mosGetParam$_REQUEST, &#39;task&#39;, "" );
require_once( $mainframe->getPath( &#39;front_html&#39; ) );
  
global $mosConfig_absolute_path$database;
global 
$mos_prefix,$smf_prefix;

if (!
defined(&#39;SMF&#39;)){
  
global $mosConfig_absolute_path;
  require (
$mosConfig_absolute_path."/administrator/components/com_smf/config.smf.php");
  require (
$smf_path."/SSI.php");
}



switch( 
$task ) {
	
case 
"lostPassword":
	
lostPassForm$option );
	
break;

	
case 
"sendNewPass":
	
sendNewPass$option );
	
break;

	
case 
"register":
	
registerForm$option$mosConfig_useractivation );
	
break;
	

	
case 
"":
	
registerForm$option$mosConfig_useractivation );
	
break;

	
case 
"saveRegistration":
	
saveRegistration$option );
	
break;

	
case 
"activate":
	
activate$option );
	
break;
}

function 
lostPassForm$option ) {
  global 
$mainframe;
  
$mainframe->SetPageTitle(_PROMPT_PASSWORD);
	
HTML_smf_registration::lostPassForm($option);
}

function 
sendNewPass$option ) {
	
global 
$database$Itemid;
	
global 
$mosConfig_live_site$mosConfig_sitename$smf_prefix;

	
$_live_site $mosConfig_live_site;
	
$_sitename $mosConfig_sitename;

	
// ensure no malicous sql gets past
	
$checkusername trimmosGetParam$_POST, &#39;checkusername&#39;, &#39;&#39;) );
	
$checkusername $database->getEscaped$checkusername );
	
$confirmEmail trimmosGetParam$_POST, &#39;confirmEmail&#39;, &#39;&#39;) );
	
$confirmEmail $database->getEscaped$confirmEmail );

	
$database->setQuery"SELECT id, username FROM #__users"
	
"\nWHERE username=&#39;$checkusername&#39; AND email=&#39;$confirmEmail&#39;"
	
);

	
if (!(
$user_id $database->loadResult()) || !$checkusername || !$confirmEmail) {
	
	
mosRedirect"index.php?option=$option&task=lostPassword&mosmsg="._ERROR_PASS );
	
}

	
$database->setQuery"SELECT name, email FROM #__users"
	
"\n WHERE usertype=&#39;superadministrator&#39;" );
	
$rows $database->loadObjectList();
	
foreach (
$rows AS $row) {
	
	
$adminName $row->name;
	
	
$adminEmail $row->email;
	
}

	
$newpass mosMakePassword();
	
$message _NEWPASS_MSG;
	
eval (
"\$message = \"$message\";");
	
$subject _NEWPASS_SUB;
	
eval (
"\$subject = \"$subject\";");

	
mosMail($mosConfig_mailfrom$mosConfig_fromname$confirmEmail$subject$message);

	
$newpass md5$newpass );
	
$sql "UPDATE #__users SET password=&#39;$newpass&#39; WHERE id=&#39;$user_id&#39;";
	
$database->setQuery$sql );
	
if (!
$database->query()) {
	
	
die(
"SQL error" $database->stderr(true));
	
}
	
$sql "UPDATE {$smf_prefix}members SET passwd=&#39;$newpass&#39; WHERE memberName=&#39;$checkusername&#39;";
	
$database->setQuery$sql );
	
if (!
$database->query()) {
	
	
die(
"SQL error" $database->stderr(true));
	
}

	
mosRedirect"index.php?Itemid=$Itemid&mosmsg="._NEWPASS_SENT );
}

function 
registerForm$option$useractivation ) {
	
global 
$mainframe$database$my$acl$boarddir;

	
if (!
$mainframe->getCfg( &#39;allowUserRegistration&#39; )) {
	
	
mosNotAuth();
	
	
return;
	
}
  
$mainframe->SetPageTitle(_REGISTER_TITLE);
	
HTML_smf_registration::registerForm($option$useractivation$context);
}

function 
saveRegistration$option ) {

	
global 
$modSettings,$user_settings,$context$database$my$acl$db_name$user_info;
	
global 
$mosConfig_sitename$mosConfig_live_site$mosConfig_useractivation$mosConfig_allowUserRegistration;
	
global 
$mosConfig_mailfrom$mosConfig_fromname$mosConfig_mailfrom$mosConfig_fromname;
	
global 
$mos_prefix,$smf_prefix;

	
//Added : make sure both Mambo & SMF have registration enabled, else return
	
if (
$mosConfig_allowUserRegistration=="0" || (!empty($modSettings[&#39;registration_method&#39;]) && $modSettings[&#39;registration_method&#39;] == 3)) {
	
	
mosNotAuth();
	
	
return;
	
}

	
	
mysql_select_db($GLOBALS[&#39;mosConfig_db&#39;]);


	
$row = new mosUser$database );
	

	
//??? Where&#39;s usertype coming from ? Can&#39;t see it being posted by smf_registration.html.php ?
	
if (!
$row->bind$_POST"usertype" )) {
	
	
echo 
"<script> alert(&#39;".$row->getError()."&#39;); window.history.go(-1); </script>\n";
	
	
exit();
	
}

	
mosMakeHtmlSafe($row);

	
$row->id 0;
	
$row->usertype = &#39;&#39;;
	
$row->gid $acl->get_group_id(&#39;Registered&#39;,&#39;ARO&#39;);

	
if (
$mosConfig_useractivation=="1") {
	
	
$row->activation md5mosMakePassword() );
	
	
$row->block "1";
	
}
	
//validate using check() of Mambo&#39;s mosUser class (see mambo.php)
	
if (!
$row->check()) {
	
	
echo 
"<script> alert(&#39;".$row->getError()."&#39;); window.history.go(-1); </script>\n";
	
	
exit();
	
}

	
$pwd $row->password;
	
$row->password md5$row->password );
	
$row->registerDate date("Y-m-d H:i:s");
	

	
//
	
if (!
$row->store()) {
	
	
echo 
"<script> alert(&#39;".$row->getError()."&#39;); window.history.go(-1); </script>\n";
	
	
exit();
	
}

	
	
mysql_select_db($db_name);

	
	
// Check if the email address  and/or username is in use.
	
$request mysql_query("
	
	
SELECT ID_MEMBER
	
	
FROM 
{$smf_prefix}members
	
	
WHERE emailAddress = &#39;
$email&#39;
	
	
	
OR emailAddress = &#39;
$username&#39;
	
	
	
OR memberName = &#39;
$username&#39;
                  OR realName = &#39;
$name&#39;
	
	
LIMIT 1"
);
	
if (
mysql_num_rows($request) != 0)
	
	
fatal_error(sprintf($txt[730], htmlspecialchars($email)), false);
	
mysql_free_result($request);

//<------------------------------------------------------------------>

//Added: SMF&#39;s extra checks for reserverd usernames & banned email addresses

if (isReservedName($username0false))
	
	
fatal_error(&#39;(&#39; . htmlspecialchars($username)) .&#39; &#39;. $txt[473], false);

// Clear ban on email address, the user might come up with a better address.
	
if (!empty(
$_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;][&#39;type&#39;]) && $_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;][&#39;type&#39;] == &#39;email_ban&#39;)
	
	
$_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;] = array(
	
	
	
&
#39;is_banned&#39; => false
	
	
);
	
if (!empty(
$_SESSION[&#39;ban&#39;][&#39;full_ban&#39;][&#39;type&#39;]) && $_SESSION[&#39;ban&#39;][&#39;full_ban&#39;][&#39;type&#39;] == &#39;email_ban&#39;)
	
	
$_SESSION[&#39;ban&#39;][&#39;full_ban&#39;] = array(
	
	
	
&
#39;is_banned&#39; => false
	
	
);

	
// Is this email address banned?
	
$request db_query("
	
	
SELECT restriction_type, reason
	
	
FROM 
{$smf_prefix}banned
	
	
WHERE ban_type = &#39;email_ban&#39;
	
	
	
AND &#39;
$email&#39; LIKE email_address
	
	
	
AND (restriction_type = &#39;cannot_register&#39; OR restriction_type = &#39;full_ban&#39;)"
__FILE____LINE__);
	
if (
mysql_num_rows($request) > 0)
	
	
while (
$row mysql_fetch_assoc($request))
	
	
{
	
	
	
$_SESSION[&#39;ban&#39;][$row[&#39;restriction_type&#39;]] = array(
	
	
	
	
&
#39;is_banned&#39; => true,
	
	
	
	
&
#39;reason&#39; => empty($row[&#39;reason&#39;]) ? &#39;&#39; : &#39;<br /><br /><b>&#39; . $txt[&#39;ban_reason&#39;] . &#39;:</b> &#39; . $row[&#39;reason&#39;],
	
	
	
	
&
#39;type&#39; => &#39;email_ban&#39;
	
	
	
);
	
	
}
	
mysql_free_result($request);

	
// This email address must be registered as banned.
	
if (isset(
$_SESSION[&#39;ban&#39;]) && ($_SESSION[&#39;ban&#39;][&#39;full_ban&#39;][&#39;is_banned&#39;] || $_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;][&#39;is_banned&#39;]))
	
{
	
	
// Log this ban for future reference.
	
	
db_query("
	
	
	
INSERT INTO 
{$smf_prefix}log_banned
	
	
	
	
(ID_MEMBER, ip, email, logTime)
	
	
	
VALUES (0, &#39;
$user_info[ip]&#39;, &#39;$email&#39;, " time() . &#39;)&#39;, __FILE__, __LINE__);

	
	
// Full ban. Get the default ban error.
	
	
if (
$_SESSION[&#39;ban&#39;][&#39;full_ban&#39;][&#39;is_banned&#39;])
	
	
	
fatal_error(sprintf($txt[430], $txt[28]) . $_SESSION[&#39;ban&#39;][&#39;full_ban&#39;][&#39;reason&#39;]);

	
	
// &#39;Cannot register&#39; ban.
	
	
if (
$_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;][&#39;is_banned&#39;])
	
	
	
fatal_error($txt[&#39;ban_register_prohibited&#39;] . &#39;!&#39; . $_SESSION[&#39;ban&#39;][&#39;cannot_register&#39;][&#39;reason&#39;]);
	
}
//<--------------------------------------------------------------->
	

	

	

	
//OK then, let&#39;s get this user into Mambo
	

	
mysql_select_db($GLOBALS[&#39;mosConfig_db&#39;]);
    
$row->checkin();
	
$name $row->name;
	
$email $row->email;
	
$username $row->username;
    
$mos_find_id mysql_query"SELECT id FROM {$mos_prefix}users WHERE name=&#39;".$name."&#39; LIMIT 1");
	
$mos_id_array mysql_fetch_array($mos_find_id);
	
$mos_id $mos_id_array[0];
	
$mos_write mysql_query"INSERT INTO {$mos_prefix}core_acl_aro ( `aro_id` , `section_value` , `value` , `order_value` , `name` , `hidden` ) VALUES (&#39;&#39;, &#39;users&#39;, &#39;".$mos_id."&#39;, &#39;0&#39;, &#39;".$name."&#39;, &#39;0&#39;);");
	
$mos_map_sql mysql_query("SELECT `aro_id` FROM {$mos_prefix}core_acl_aro WHERE name=&#39;".$name."&#39; LIMIT 1");
	
$mos_map_array mysql_fetch_array($mos_map_sql);
	
$aro_id $mos_map_array[0];
	
$mos_write mysql_query ("INSERT INTO {$mos_prefix}core_acl_groups_aro_map ( `group_id` , `section_value` , `aro_id` ) VALUES (&#39;18&#39;, &#39;&#39;, &#39;".$aro_id."&#39;);");

	
	
// register each user into SMF right away.  This saves from having to confirm email address/password later

	
	
mysql_select_db($db_name);

	
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
	
$register_vars = array(
	
	
&
#39;memberName&#39; => "&#39;$username&#39;",
	
	
&
#39;emailAddress&#39; => "&#39;$email&#39;",
	
	
&
#39;passwd&#39; => &#39;\&#39;&#39; . md5_hmac($pwd, strtolower($username)) . &#39;\&#39;&#39;,
	
	
&
#39;posts&#39; => 0,
	
	
&
#39;dateRegistered&#39; => time(),
	
	
&
#39;memberIP&#39; => "&#39;$user_info[ip]&#39;",
	
	
&
#39;is_activated&#39; => empty($modSettings[&#39;registration_method&#39;]) || (!isset($_POST[&#39;emailActivate&#39;]) && $user_info[&#39;is_admin&#39;]) ? 1 : 0,
	
	
&
#39;validation_code&#39; => !empty($modSettings[&#39;registration_method&#39;]) && $modSettings[&#39;registration_method&#39;] == 1 ? "&#39;$pwd&#39;" : "&#39;&#39;",
	
	
&
#39;realName&#39; => "&#39;$name&#39;",
	
	
&
#39;personalText&#39; => &#39;\&#39;&#39; . addslashes($modSettings[&#39;default_personalText&#39;]) . &#39;\&#39;&#39;,
	
	
&
#39;im_email_notify&#39; => 1,
	
	
&
#39;ID_THEME&#39; => 0,
	
	
&
#39;ID_POST_GROUP&#39; => 4,
	
);

	
// Make sure the ID_GROUP will be valid, if this is an administator.
	
if (
$user_info[&#39;is_admin&#39;])
	
	
$register_vars[&#39;ID_GROUP&#39;] = empty($_POST[&#39;group&#39;]) ? 0 : (int) $_POST[&#39;group&#39;];

	
// !!! These need more validation and possibly permissions!!
	
// !!! Add birthdate parts?
	
$possible_strings = array(
	
	
&
#39;realName&#39;,
	
	
&
#39;lngfile&#39;,
	
	
&
#39;personalText&#39;, &#39;signature&#39;, &#39;avatar&#39;,
	
	
&
#39;location&#39;,
	
	
&
#39;websiteTitle&#39;, &#39;websiteUrl&#39;,
	
	
&
#39;gender&#39;,
	
	
&
#39;timeFormat&#39;,
	
	
&
#39;secretQuestion&#39;, &#39;secretAnswer&#39;,
	
	
&
#39;smileySet&#39;,
	
	
&
#39;birthdate&#39;,
	
);
	
$possible_ints = array(
	
	
&
#39;ICQ&#39;, &#39;AIM&#39;, &#39;YIM&#39;, &#39;MSN&#39;,
	
	
&
#39;ID_THEME&#39;,
	
);
	
$possible_floats = array(
	
	
&
#39;timeOffset&#39;,
	
);
	
$possible_bools = array(
	
	
&
#39;hideEmail&#39;, &#39;showOnline&#39;,
	
	
&
#39;im_email_notify&#39;,
	
	
&
#39;notifyAnnouncements&#39;, &#39;notifyOnce&#39;,
	
);

	
foreach (
$possible_strings as $var)
	
	
if (isset(
$_POST[$var]))
	
	
	
$register_vars[$var] = &#39;\&#39;&#39; . $_POST[$var] . &#39;\&#39;&#39;;
	
foreach (
$possible_ints as $var)
	
	
if (isset(
$_POST[$var]))
	
	
	
$register_vars[$var] = (int) $_POST[$var];
	
foreach (
$possible_floats as $var)
	
	
if (isset(
$_POST[$var]))
	
	
	
$register_vars[$var] = (float) $_POST[$var];
	
foreach (
$possible_bools as $var)
	
	
if (isset(
$_POST[$var]))
	
	
	
$register_vars[$var] = empty($_POST[$var]) ? 1;
	
	
	

//<--------------------------------------------------------------------->
//Added: collect any option/default_option variables
	
// Register options are always default options...
	
if (isset(
$_POST[&#39;default_options&#39;]))
	
	
$_POST[&#39;options&#39;] = isset($_POST[&#39;options&#39;]) ? $_POST[&#39;options&#39;] + $_POST[&#39;default_options&#39;] : $_POST[&#39;default_options&#39;];

	
// Administrator?  We&#39;ll need to fetch the default theme options for the guest, then.
	
if (
$user_info[&#39;is_admin&#39;])
	
{
	
	
$result db_query("
	
	
	
SELECT variable, value
	
	
	
FROM 
{$db_prefix}themes
	
	
	
WHERE ID_MEMBER = -1
	
	
	
	
AND ID_THEME" 
. ($settings[&#39;theme_id&#39;] == 1 ? &#39; = 1&#39; : " IN ($settings[theme_id], 1)"), __FILE__, __LINE__);
	
	
$options2 = array();
	
	
while (
$row mysql_fetch_assoc($result))
	
	
{
	
	
	
if (!isset(
$options2[$row[&#39;variable&#39;]]) || $row[&#39;ID_THEME&#39;] != &#39;1&#39;)
	
	
	
	
$options2[$row[&#39;variable&#39;]] = $row[&#39;value&#39;];
	
	
}
	
	
mysql_free_result($result);

	
	
$theme_vars = (isset($_POST[&#39;options&#39;]) && is_array($_POST[&#39;options&#39;]) ? $_POST[&#39;options&#39;] : array()) + $options2;
	
}
	
// Set up the theme variables.... then add $options for the defaults.
	
else
	
	
$theme_vars = (isset($_POST[&#39;options&#39;]) && is_array($_POST[&#39;options&#39;]) ? $_POST[&#39;options&#39;] : array()) + $options;

//<---------------------------------------------------------------------->
	
// Register them into the database.
	
mysql_query("
	
	
INSERT INTO 
{$smf_prefix}members
	
	
	
(" 
implode(&#39;, &#39;, array_keys($register_vars)) . ")
	
	
VALUES (" . implode(&#39;, &#39;, $register_vars) . &#39;)&#39;);
	
$memberID = db_insert_id();
	
updateStats(&#39;member&#39;);

	
	
mysql_select_db(
$GLOBALS[&#39;mosConfig_db&#39;]);
//<------------------------------------------------------------------>
//Added: registering of theme variables
// Theme variables too?
	
if (!empty(
$theme_vars))
	
{
	
	
$setString = &#39;&#39;;
	
	
foreach (
$theme_vars as $var => $val)
	
	
	
$setString .= "
	
	
	
	
(
$memberID, &#39;$var&#39;, &#39;$val&#39;),";
	
	
db_query("
	
	
	
INSERT INTO 
{$db_prefix}themes
	
	
	
	
(ID_MEMBER, variable, value)
	
	
	
VALUES " 
substr($setString0, -1), __FILE____LINE__);
	
}
//<--------------------------------------------------------->


	
$subject sprintf (_SEND_SUB$name$mosConfig_sitename);
	
$subject html_entity_decode($subjectENT_QUOTES);
	
if (
$mosConfig_useractivation=="1"){
	
	
$message sprintf (_USEND_MSG_ACTIVATE$name$mosConfig_sitename$mosConfig_live_site."/index.php?option=com_smf_registration&task=activate&activation=".$row->activation$mosConfig_live_site$username$pwd);
	
} else {
	
	
$message sprintf (_USEND_MSG$name$mosConfig_sitename$mosConfig_live_site);
	
}

	
$message html_entity_decode($messageENT_QUOTES);
	
// Send email to user
	
if (
$mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
	
	
$adminName2 $mosConfig_fromname;
	
	
$adminEmail2 $mosConfig_mailfrom;
	
} else {
	
	
$database->setQuery"SELECT name, email FROM #__users"
	
	
.
"\n WHERE usertype=&#39;superadministrator&#39;" );
	
	
$rows $database->loadObjectList();
	
	
$row2 $rows[0];
	
	
$adminName2 $row2->name;
	
	
$adminEmail2 $row2->email;
	
}

	
mosMail($adminEmail2$adminName2$email$subject$message);

	
// Send notification to all administrators
	
$subject2 sprintf (_SEND_SUB$name$mosConfig_sitename);
	
$message2 sprintf (_ASEND_MSG$adminName2$mosConfig_sitename$row->name$email$username);
	
$subject2 html_entity_decode($subject2ENT_QUOTES);
	
$message2 html_entity_decode($message2ENT_QUOTES);

	
// get superadministrators id
	
$admins $acl->get_group_objects25, &#39;ARO&#39; );

	
foreach ( 
$admins[&#39;users&#39;] AS $id ) {
	
	
$database->setQuery"SELECT email, sendEmail FROM #__users"
	
	
	
.
"\n WHERE id=&#39;$id&#39;" );
	
	
$rows $database->loadObjectList();

	
	
$row $rows[0];

	
	
if (
$row->sendEmail) {
	
	
	
mosMail($adminEmail2$adminName2$row->email$subject2$message2);
	
	
}
	
}

	
if ( 
$mosConfig_useractivation == "1" ){
	
	
echo 
_REG_COMPLETE_ACTIVATE;
	
} else {
	
	
echo 
_REG_COMPLETE;
	
}

}

function 
activate$option ) {
	
global 
$database$smf_prefix$mos_prefix;

	
$activation trimmosGetParam$_REQUEST, &#39;activation&#39;, &#39;&#39;) );

	
$request mysql_query"SELECT id,username FROM {$mos_prefix}users WHERE activation=&#39;$activation&#39; AND block=&#39;1&#39;" );
	
$result mysql_fetch_array($request);
	
if (
$result[0]) {
	
	
$database->setQuery"UPDATE #__users SET block=&#39;0&#39;, activation=&#39;&#39; WHERE activation=&#39;$activation&#39; AND block=&#39;1&#39;" );
	
	
if (!
$database->query()) {
	
	
	
echo 
"SQL error" $database->stderr(true);
	
	
}
	
	
mysql_select_db ($db_name);
	
	
mysql_query("UPDATE {$smf_prefix}members SET is_activated=&#39;1&#39; , validation_code=&#39;&#39; WHERE memberName = &#39;$result[1]&#39; LIMIT 1");
	
	
mysql_select_db ($mosConfig_db);

	
	
echo 
_REG_ACTIVATE_COMPLETE;
	
} else {
	
	
echo 
_REG_ACTIVATE_NOT_FOUND;
	
}
}

function 
is_email($email){
	
$rBool=false;

	
if(
preg_match("/[\w\.\-]+@\w+[\w\.\-]*?\.\w{1,4}/"$email)){
	
	
$rBool=true;
	
}
	
return 
$rBool;
}

/* This function will login the user to both Mambo and SMF */
	
function 
smf_login$username null,$passwd null ) {


	
	
mosRedirect"index.php?option=login&username=" $username "&passwd=" $passwd  );
	
	

	
}
	
	
mysql_select_db($GLOBALS[&#39;mosConfig_db&#39;]);

?>